ISSUE 20 | QUARTER 1 - 2018

March 2018

Defence Practice Against Cyber Attacks Training, Tokyo, Japan

25 February - 10 March 2018

On February 25 to March 10, 2018, CyberSecurity Malaysia participated in the Defense Practice Against Cyber Attacks Training in Tokyo, Japan.

The program organized by Japan International Cooperation Agency (JICA) is based on ASEAN - Japan Information Security Policy Meeting to discuss on the creation of safe ICT utilization environment in the region.

The exercise was aimed at enhancing the capacity of ASEAN member countries, especially against Advance Persistent Threat (APT) attacks and increased skills and capabilities on cyber attacks. A total of 17 participants from Malaysia, Cambodia, Laos, Thailand, Myanmar, Philippines and Vietnam were invited to attend the training program.

The program has provided participants the opportunity to network and connect in order to improve incident management in addressing cyber security incidents. It is a platform for information exchange and updating information on key issues related to cyber security incidents.

IOT / Embedded Device Hacking Training, Hong Kong

26 February - 23 March 2018

CyberSecurity Malaysia participated in the IOS / Embedded Device Training program organized by CoreSecurity in Hong Kong from 26 February to 23 March 2018.

Participation in the program is aimed at enhancing the expertise of CyberSecurity Malaysia in order to provide the System Vulnerability and Penetration Assessment Services to Malaysia’s critical sector agencies (CNII).

In order to ensure the expansion of the scope of service offerings, CyberSecurity Malaysia also conducts research on cyber security threats against IOT Embedded Device such as medical devices, CCTV and others.

CyberSecurity Malaysia was represented by Siti Aminah Amhad Sahrel and Fateen Nazwa Yusof from the MyVAC Department. CyberSecurity Malaysia's participating officers have learned the basics of security assessment; types of cyber attacks against IOT embedded devices and identifying the root cause of cyber threats to the Embedded Device IOT and methods of dealing with the virus.

International Waqf & Blockchain Forum 2018, Kuala Lumpur

1 March 2018

On March 1, 2018, CyberSecurity Malaysia participated in the International Waqf & Blockchain 2018 Forum organized by The International Center for Waqf Research (ICWR), an agency under the auspices of the International Islamic University Malaysia (IIUM) and Finterra Technologies Sdn Bhd.

The forum received entries from various academician, professional researchers and practitioners in the field of blockchain security. Through this forum, participants learned the potential of blockchain technology to support the management and development of waqf on a global scale, as well as to promote the latest developments in the Islamic economy.

The sharing of knowledge from academia and professionals has narrowed the gap and built an understanding of blockchain from various aspects nationally and globally.

CyberSecurity Malaysia was represented by Dr. Solahuddin Shamsuddin, Chief Technology Officer. He became the moderator at a discussion session entitled "Blockchain Security".

At the conference, Dato' Dr. Amirudin also became a panelist at the forum session and delivered a presentation titled "Transforming of Nation into a Cyber Security Leaders: Lesson from Malaysia". Meanwhile, Fauzi Mohd Darus from Digital Forensics Department of CyberSecurity Malaysia became a panel at a forum session entitled "Need for Organizational CERTs / Sector CERTs and National CERT".

While in Pakistan, the delegation of CyberSecurity Malaysia also made a courtesy visit to His Excellency Malaysian High Commissioner in Pakistan, Mr. Ikram Mohammad Ibrahim at Rumah Malaysia.

In addition, several series of presentations were delivered by Dato' Dr. Amirudin. Among others were the cyber security talks to the National University of Science and Technology (NUST) students, Pakistani entrepreneurs during a visit to National Incubation Center (NIC) Ministry of IT, Pakistan and speech to the CIT-CERT Coordination Center student at Center of Information Technology, Islamabad.

The participation of CyberSecurity Malaysia at this conference as well as a series of excursions while in Pakistan has successfully established a great cooperation with various parties. It also strengthens CyberSecurity Malaysia's position as a specialist agency and a leader in cyber security in the region.

12th International Technology, Education And Development Conference, Valencia, Spain

3 - 10 March 2018

On 3 to 10 March 2018, CyberSecurity Malaysia participated in the 12th International Technology Conference, Education And Development (INTED) Conference in Valencia, Spain.

yberSecurity Malaysia research paper entitled "Cyber Parenting Module Development For Parents" was published by INTED 2018. For further information, the research paper can be downloaded at https://iated.org/publications. The conference was attended by over 700 participants comprising academician, government officials, businessmen, IT experts from around the world. Over 500 research papers related to learning, pedagogy and research involving students and teachers were presented during this conference.

CyberSecurity Malaysia was represented by Lt Kol Mustaffa Ahmad (Retired), Senior Vice President, Outreach and Capacity Building Division and Ramona Susanty Ab Hamid from Outreach and Corporate Communications Departments. During this conference, Lt Col Mustaffa (Retired) was honored to chair one of the sessions, titled "Ethical Issues and Digital Divide". At this session five speakers from Russia, Portugal, Spain, Estonia and Malaysia have made their respective papers presented.

CyberSecurity Malaysia's participation in this conference has provided opportunities for information exchange, updating information with overseas participants and understanding key issues pertaining to learning and modules to enhance the delivery of cyber security issues. In addition, it also provides opportunities for networking with participants from various countries.

Product Monitoring and Testing for Malaysia Common Criteria (MyCC), Washington, United State of America

10 - 18 March 2018

CyberSecurity Malaysia participated in the product monitoring and testing programs for Common Criteria certification in Washington, the United States on 10 to 18 March 2018.

The program which was organized by BAE Intelligence Sdn Bhd was implemented to test and identify the security features available on the product so that it is secure from cyber threats. The tests performed were according to ISO / IEC 15408 standards for methods and ISO / IEC 17025 for accreditation of testing laboratories.

Products that have passed through this testing process were given the certification and recognition of Common Criteria. CyberSecurity Malaysia is an organization accredited by the Common Criteria Recognition Agreement (CCRA) to certify products under Common Criteria testing and certification.

The involvement of CyberSecurity Malaysia in the process of testing and monitoring is a recognition of CyberSecurity Malaysia's expertise and capability in providing ICT assessment and certification services through the MyCC Scheme.

Malaysia is a member of the CCRA Certificate Authorizing Participant. Certified products through the MyCC Scheme are recognized globally, especially among CCRA member countries.

12 - 16 March 2018

On 12 to 16 March 2018, CyberSecurity Malaysia has participated in the FOR610: Reverse-Engineering Malware - Malware Analysis Tools and Techniques Training program in Singapore.

The program organized by the SANS Institute was held to provide training on the techniques of malware analysis. This training also provides information on methods of understanding malware software capabilities and threat intelligence, ways to respond to cyber security incidents and also to ensure the security of cyber defense for an organization.

CyberSecurity Malaysia's participation in this training program has improved the skills and expertise in analyzing malware software to create robust cyber defenses.

FIRST 2018 Technical Colloquium Forum, Osaka, Japan

14 - 16 March 2018

On 14 to 16 March 2018, CyberSecurity Malaysia participated in the FIRST 2018 Technical Colloquium Forum in Osaka, Japan. CyberSecurity Malaysia research paper was accepted by the FIRST TC Committee 2018.

The forum organized by FIRST is a platform for discussions between FIRST members and delegates to share information on weaknesses, incidents, devices and issues affecting the operation of security forces response. Most attendees were professionals, lawyers, security experts, students, government officials, businessmen and IT professionals.

Discussions also covered various aspects of cyber security, including product safety in general, critical device security, rules relating to Internet of Things (IOT) devices, case studies and threats to IOT.

CyberSecurity Malaysia was represented by Megat Muazzam Abdul Mutalib and Norlinda Jaafar from Malaysia's Computer Emergency Response Team (MyCERT). The forum provided an opportunity to exchange information, update information with participants from abroad as well as understand important issues related to technical crimes by cyber criminals. It was also an opportunity for international cooperation with various countries to work together to solve technical problems.

20th International Conference on Information, Networking and Wireless Communications, London

15 - 16 March 2018

CyberSecurity Malaysia attended the 20th International Conference on Information, Networking and Wireless Communications (ICINWC 2018), organized by the International Academy of Sciences, Engineering and Technology (WASET) in London on March 15 and 16, 2018.

The conference is a platform where academic scientists, researchers and research scholars gather to exchange and share experiences and research findings in terms of information, networks and wireless communications.

A few research papers were presented at this conference, among others, "Comparison of Authentication Methods in Internet of Things (IoT) Technology", "Phishing Detection: Comparison Between Uniform Resource Locator and Content-Based Detection" and "Comparison of Web Development Using Framework over Library ".

The conference opened the opportunity for CyberSecurity Malaysia's delegation to discuss with research communities from various industries and governments to further expand MyVAC services and promote Vulnerability Assessment and Penetration Testing (VAPT) services.

17 - 25 March 2018

On 19 to 23 March 2018, CyberSecurity Malaysia attended the World Summit on the Information Society 2018 (WSIS) in Geneva, Switzerland. The International Telecommunication Union (ITU) Summit is the world's largest annual gathering of ICT development communities around the world.

WSIS provides opportunities for information sharing, knowledge creation and best practices to identify new trends. In addition it also fosters partnerships with regard to the evolution of information as well as information society among entities from the private sector as well as academic institutions.

A total of 18 categories related to 11 WSIS Action Plans were nominated at the WSIS Competition 2018. Out of 685 projects worldwide, 492 projects were nominated for the WSIS Prize 2018. Following the comprehensive review process by the Expert Group, only 90 ICT-related projects and initiatives were selected to receive WSIS Champion 2018 award.

Products developed by MAMPU and CyberSecurity Malaysia,”The Malaysian Public Sector Digital Business Tools” (MyISMS) have won the highest votes and awarded the Champion under Category 17 Ethical Dimensions at the WSIS Prize Award 2018.

This success has sparked CyberSecurity Malaysia's name as a specialist in information security management in the world. The presence of CyberSecurity Malaysia representative, Maslina Daud, Senior Vice President of Cyber Security Proactive Service and Sabariah Binti Ahmad from the Security Management and Best Practises Department has successfully promoted the products and services provided by CyberSecurity Malaysia. It also provided opportunities for new trend sharing, issues and updates, best practices and foster partnerships between government entities, the private sector and academic institutions.

FOR578: Cyber Threat Intelligence Course, Singapore

19 - 23 March 2018

The program is a technical training focused on structured analysis to establish the basis of cyber security skills covering operational and strategic aspects to understand the growing landscape of accurate and effective threats.

20 - 21 March 2018

The workshop was held to provide an understanding of the Malaysian Government Chief Security Officer Officers on cyber incident handling and the application of the Cyber 999 Customer Relation Management (CRM) Application System.

At this workshop, participants were introduced to various types of cyber security incidents, incident handling management and practical exercises of the Cyber999 CRM Application System for efficient and effective incident management.

By organizing this workshop, collaboration between CyberSecurity Malaysia and the Malaysian Government Chief Security Officer in cyber security were strengthened to develop expertise in ICT security.

20 - 23 January 2018

CyberSecurity Malaysia attended 6th Annual Cyber Intelligence Asia Conference and Exhibition on March 20 to 23 in Singapore. The Intelligence-Sec Limited (UK) conference was held to discuss cyber threats in the Asia-Pacific region and to share information on the methods and development of cyber security strategies and ways to address threats such as Fake News, Malware, Phishing, Trojan and others.

CyberSecurity Malaysia was represented by Fazlan bin Abdullah from the Government Relations Department. He became a panelist and delivered a presentation titled "Cyber Security Developments And Challenges - Malaysia Perspective" at a forum session entitled "Interactive Panel Discussion: Combating Internet Crimes In The Region ".

By participating in the conference, CyberSecurity Malaysia had the opportunity to share experiences on the implementation of National Cyber Security Policy, analyse case studies and best practices in cyber security implementation by other countries, establishing collaboration with agencies and seminar participants for strategic cyber security and explore collaborative opportunities potentially with agencies from the affected countries.